CVE-2012-6064

Опубликовано: 03 дек. 2012

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Версия до 1.11.2 (включая)

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta1:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.3:beta2:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.9.4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00903

Низкий

3.5 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xx8v-9cvf-fc7h

github

около 3 лет назад